https://bugzilla.mindrot.org/show_bug.cgi?id=3666
Bug ID: 3666
Summary: sshd crash
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: pawan.badganchi at kpit.com
This is regarding sshd crash.
sshd crash is being observed during openssh ptest running everytime and
it's reproducible.
Currently we are maintaining dunfell version openssh_8.2p1.
Below is the error message we get. How can i resolve this issue? Could
you please help here?
sshd[27514]: Connection from UNKNOWN port 65535 on UNKNOWN port 65535
sshd[27514]: debug1: Local version string SSH-2.0-OpenSSH_8.2
sshd[27514]: error: kex_exchange_identification: Connection closed by
remote host
debug1: inetd sockets after dupping: 3, 4
bmt sshd[27580]: Connection from UNKNOWN port 65535 on UNKNOWN port
65535
debug1: Local version string SSH-2.0-OpenSSH_8.2
sshd[27580]: error: kex_exchange_identification: client sent invalid
protocol identifier ""
--
You are receiving this mail because:
You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Pawan Badganchi from comment #0)> This is regarding sshd crash.
What makes you think this is a crash?
> sshd crash is being observed during openssh ptest running everytime
> and it's reproducible.
> Currently we are maintaining dunfell version openssh_8.2p1.
This seems to refer to a version of Yocto, and ptest is some kind of
package test?
> Below is the error message we get. How can i resolve this issue?
> Could you please help here?
>
> sshd[27514]: Connection from UNKNOWN port 65535 on UNKNOWN port 65535
> sshd[27514]: debug1: Local version string SSH-2.0-OpenSSH_8.2
> sshd[27514]: error: kex_exchange_identification: Connection closed
> by remote host
This means that something (presumably caused by your ptest) to invoke
sshd in a way that did not involve a TCP connection (eg running sshd
-i) then immediately disconnecting.
> debug1: inetd sockets after dupping: 3, 4
> bmt sshd[27580]: Connection from UNKNOWN port 65535 on UNKNOWN port
> 65535
> debug1: Local version string SSH-2.0-OpenSSH_8.2
> sshd[27580]: error: kex_exchange_identification: client sent
> invalid protocol identifier ""
This is more or less the same, with the difference being that whatever
it was sent an empty initial protocol identifier (probably a newline).
If your tests are invoking sshd to test it, they should probably use -e
to write its logs to stderr or -E to write it to a file rather than
letting it write to syslog.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #2 from Pawan Badganchi <pawan.badganchi at kpit.com> --- (In reply to Darren Tucker from comment #1)> (In reply to Pawan Badganchi from comment #0) > > This is regarding sshd crash. > > What makes you think this is a crash? > > > sshd crash is being observed during openssh ptest running everytime > > and it's reproducible. > > Currently we are maintaining dunfell version openssh_8.2p1. > > This seems to refer to a version of Yocto, and ptest is some kind of > package test? > > > Below is the error message we get. How can i resolve this issue? > > Could you please help here? > > > > sshd[27514]: Connection from UNKNOWN port 65535 on UNKNOWN port 65535 > > sshd[27514]: debug1: Local version string SSH-2.0-OpenSSH_8.2 > > sshd[27514]: error: kex_exchange_identification: Connection closed > > by remote host > > This means that something (presumably caused by your ptest) to > invoke sshd in a way that did not involve a TCP connection (eg > running sshd -i) then immediately disconnecting. > > > debug1: inetd sockets after dupping: 3, 4 > > bmt sshd[27580]: Connection from UNKNOWN port 65535 on UNKNOWN port > > 65535 > > debug1: Local version string SSH-2.0-OpenSSH_8.2 > > sshd[27580]: error: kex_exchange_identification: client sent > > invalid protocol identifier "" > > This is more or less the same, with the difference being that > whatever it was sent an empty initial protocol identifier (probably > a newline). > > If your tests are invoking sshd to test it, they should probably use > -e to write its logs to stderr or -E to write it to a file rather > than letting it write to syslog.> What makes you think this is a crash?>> We are checking post test crash for openssh, so there this issue is observed.> This seems to refer to a version of Yocto, and ptest is some kind of > package test?>> Yes this is version of YOCTO and kind of package test.> This means that something (presumably caused by your ptest) to > invoke sshd in a way that did not involve a TCP connection (eg > running sshd -i) then immediately disconnecting.>> May be i need to check the logs, thanks for your input. Will get back if need help.-- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #3 from Pawan Badganchi <pawan.badganchi at kpit.com> ---> > What makes you think this is a crash? >We are checking post test crash for openssh, so there this issue is observed.> > > This seems to refer to a version of Yocto, and ptest is some kind of > > package test? >Yes this is version of YOCTO and kind of package test.> > > This means that something (presumably caused by your ptest) to > > invoke sshd in a way that did not involve a TCP connection (eg > > running sshd -i) then immediately disconnecting. >May be i need to check the logs, thanks for your input. Will get back if need help. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #4 from Darren Tucker <dtucker at dtucker.net> --- (In reply to Pawan Badganchi from comment #3)> > > What makes you think this is a crash? > > > We are checking post test crash for openssh, so there this issue is > observed.What do you mean by "check post test crash"? Is there a core dump? If so, can you get a backtrace? ("gdb /path/to/sshd /path/to/coredump" the "bt"). -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #5 from Pawan Badganchi <pawan.badganchi at kpit.com> --- (In reply to Darren Tucker from comment #4)> (In reply to Pawan Badganchi from comment #3)> What do you mean by "check post test crash"? Is there a core dump? > If so, can you get a backtrace? ("gdb /path/to/sshd > /path/to/coredump" the "bt").We are checking the functionality of package by writing some tests. Yes will get backtrace if core dump file is available. Thanks. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #6 from Pawan Badganchi <pawan.badganchi at kpit.com> --- (In reply to Darren Tucker from comment #4)> (In reply to Pawan Badganchi from comment #3) > > > > What makes you think this is a crash? > > > > > We are checking post test crash for openssh, so there this issue is > > observed. > > What do you mean by "check post test crash"? Is there a core dump? > If so, can you get a backtrace? ("gdb /path/to/sshd > /path/to/coredump" the "bt").Please find the backtrace below. (gdb) bt full #0 0x0000ffffb5aa3c50 in __GI___libc_write (fd=3, buf=buf at entry=0xffffd89e5fe8, nbytes=36) at ../sysdeps/unix/sysv/linux/write.c:26 _x2tmp = 36 _x0tmp = 3 _x0 = -27 _x2 = 36 _x8 = 64 _x1tmp = 281474316001256 _x1 = 281474316001256 _sys_result = <optimized out> _sys_result = <optimized out> _x0tmp = <optimized out> _x0 = <optimized out> sc_ret = <optimized out> _sys_result = <optimized out> _sys_result = <optimized out> _x1tmp = <optimized out> _x1 = <optimized out> sc_cancel_oldtype = <optimized out> _x2tmp = <optimized out> _x2 = <optimized out> _x8 = <optimized out> #1 0x0000aaaad4054dc4 in do_log (level=level at entry=SYSLOG_LEVEL_FATAL, fmt=<optimized out>, args=...) at log.c:467 msgbuf = "mm_log_handler: write: Broken pipe\r\n\000\000\000\000\360`\236\330\377\377\000\000\354\235\242\265\377\377\000\000\\`\236\330\377\377\000\000\300c\236\330\377\377\000\000\060.000\377\000\000\360a\236\330\377\377\000\000\000\000\000\000\000\000\000\000\060\000\000\000.\000\000\000\060\000\000\000\060\000\000\000\060\000\000\000\377\377\000\000\350\377\377\377\200\377\377\377", '\000' <repeats 42 times>, "\060r\225\333t\272\342\230\357\006", '\000' <repeats 43 times>... fmtbuf = "mm_log_handler: write: Broken pipe\000\377\001\000\000\000\377\377\377\377\377\377\377\377`t\236\330\377\377\000\000 \000\000\000\000\000\000\000\063\000\000\000\000\000\000\000\n\000\000\000\377\377\000\000u\000\000\000\000\000\000\000 \000\000\000\203#\024", '\000' <repeats 25 times>, "\030\004\260\265\377\377\000\000\220d\236\330\377\377\000\000\000j\236\330\377\377\000\000\030\343\244\265\377\377\000\000Pk\236\330\377\377\000\000\377\003\000\000\000\000\000\000\257q\b\324\252\252\000\000\240k\236\330\377\377\000\000x\330\a\324\252\252\000\000\002\000\000\000\000\000\000\000"... txt = <optimized out> pri = <optimized out> saved_errno = <optimized out> tmp_handler = <optimized out> #2 0x0000aaaad405313c in fatal (fmt=<optimized out>) at fatal.c:42 args = {__stack = 0xffffd89e6970, __gr_top = 0xffffd89e6970, __vr_top = 0xffffd89e6930, __gr_offs = -56, __vr_offs = -128} #3 0x0000aaaad4036bfc in mm_log_handler (level=level at entry=SYSLOG_LEVEL_INFO, msg=msg at entry=0xffffd89e6df8 "Connection closed by authenticating user root UNKNOWN port 65535", ctx=<optimized out>) at monitor_wrap.c:101 log_msg = 0xaaab05c77c10 mon = <optimized out> r = <optimized out> len = <optimized out> __func__ = "mm_log_handler" #4 0x0000aaaad4054cc8 in do_log (level=level at entry=SYSLOG_LEVEL_INFO, fmt=<optimized out>, args=...) at log.c:462 msgbuf = "Connection closed by authenticating user root UNKNOWN port 65535\000\000\000\000\000\000\000\000\060w\346\265\377\377\000\000\000\220\f\324\252\252\000\000\254\222\f\324\252\252\000\000\a\000\000\000\000\000\000\000\220j\236\330\377\377\000\000\234\352\003\324\001\000\000\000\060\024\307\005\253\252\000\000\230\237\f\324\252\252\000\000\240j\236\330\377\377\000\000\350\064\245\265\377\377\000\000\b#\307\005\253\252\000\000\310L\005\324\252\252\000\000 k\236\330\377\377\000\000\340\315\243\265\377\377\000\000&\000\000\000\000\000\000\000\360p\236\330\377\377\000\000"... fmtbuf = "Connection closed by authenticating user root UNKNOWN port 65535\000c delay 0.000ms", '\000' <repeats 16 times>, "\001\000\000\000\000\000\000\000\000p\342\265\377\377\000\000mm_request_receive entering\000q\353 )\221\333\033G\307\311\303\270\026BY\351q\353 *\221\333\033G\307\311\303\270\340n\236\330\377\377\000\000d\006\320\265\377\377\000\000\350S\307\005\253\252\000\000\b\000\000\000\000\000\000\000"... txt = <optimized out> pri = <optimized out> saved_errno = <optimized out> tmp_handler = 0xaaaad4036b58 <mm_log_handler> --Type <RET> for more, q to quit, c to continue without paging-- #5 0x0000aaaad4054f78 in logdie (fmt=<optimized out>) at log.c:191 args = {__stack = 0xffffd89e7380, __gr_top = 0xffffd89e7380, __vr_top = 0xffffd89e7340, __gr_offs = -56, __vr_offs = -128} #6 0x0000aaaad4058634 in sshpkt_vfatal (ssh=ssh at entry=0xaaab05c77e50, r=-52, fmt=fmt at entry=0xaaaad407a38c "%s", ap=...) at packet.c:1860 tag = 0x0 remote_id = "authenticating user root UNKNOWN port 65535\000\253\252\000\000\260\217\307\005\253\252\000\000\000\000\000\000\000\000\000\000\b\000\000\000\000\000\000\000<\000\000\000\000\000\000\000\000\200\f\324\252\252\000\000P~\307\005\253\252\000\000\020\000\000\000\000\000\000\000\360t\236\330\377\377\000\000\244\264\245\265\377\377\000\000\b\000\000\000\000\000\000\000(z\264\265\377\377\000\000\020o\346\265\377\377\000\000\340*\001\000\000\000\000\000 \225\307\005\253\252\000\000\000\000\000\000\000\000\000\000\331\265\a\324\252\252\000\000\332/\b\324\252\252\000\000\000\200\a\324\252\252\000\000T\311\a\324\252\252\000\000"... oerrno = 1 __func__ = "sshpkt_vfatal" #7 0x0000aaaad40587bc in sshpkt_fatal (ssh=ssh at entry=0xaaab05c77e50, r=<optimized out>, fmt=fmt at entry=0xaaaad407a38c "%s") at packet.c:1908 ap = {__stack = 0xffffd89e7730, __gr_top = 0xffffd89e7730, __vr_top = 0xffffd89e7700, __gr_offs = -40, __vr_offs = -128} #8 0x0000aaaad405ce40 in ssh_dispatch_run_fatal (ssh=ssh at entry=0xaaab05c77e50, mode=mode at entry=0, done=done at entry=0xaaab05c76be0) at dispatch.c:134 r = <optimized out> __func__ = "ssh_dispatch_run_fatal" #9 0x0000aaaad4029bf0 in do_authentication2 (ssh=0xaaab05c77e50) at auth2.c:178 authctxt = 0xaaab05c76be0 #10 0x0000aaaad401ea50 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2200 ssh = 0xaaab05c77e50 r = <optimized out> opt = <optimized out> on = 1 already_daemon = <optimized out> remote_port = 65535 sock_in = <optimized out> sock_out = <optimized out> newsock = <optimized out> remote_ip = 0xaaab05c76f50 "UNKNOWN" rdomain = <optimized out> fp = <optimized out> line = <optimized out> laddr = <optimized out> logfile = <optimized out> config_s = {-1, -1} i = <optimized out> j = <optimized out> ibytes = 281470681743560 obytes = 187651416129664 new_umask = <optimized out> key = 0xaaab05c59900 pubkey = 0xaaab05c6cab0 keytype = <optimized out> authctxt = 0xaaab05c76be0 connection_info = <optimized out> __func__ = "main" (gdb) -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #7 from Pawan Badganchi <pawan.badganchi at kpit.com> --- Hi, Provided the backtrace above. Could you please check? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #8 from Pawan Badganchi <pawan.badganchi at kpit.com> --- Provided the backtrace above. Could you please check? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #9 from Pawan Badganchi <pawan.badganchi at kpit.com> --- Could you please check? -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #10 from Damien Miller <djm at mindrot.org> ---
We're all volunteers on this project. Repeatedly nagging us is not
going to make us look at your problem any faster.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #11 from Pawan Badganchi <pawan.badganchi at kpit.com> --- (In reply to Damien Miller from comment #10)> We're all volunteers on this project. Repeatedly nagging us is not > going to make us look at your problem any faster.Okay sorry, will wait until your reply. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
https://bugzilla.mindrot.org/show_bug.cgi?id=3666 --- Comment #12 from Damien Miller <djm at mindrot.org> --- The traceback says where the program terminated, but not *why*. Was it a SIGSEGV, a SIGBUS or something else? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.